Passwords, it often seems, are like a plague of the digital age. Good passwords are often difficult to remember; easy ones offer little protection and are not worth having at all.
Passwords are used to validate access to everything from phones, laptops and wireless networks, to social media, e-commerce and online banking accounts. With so much of modern life dependent on the access provided by passwords, getting them right is critical to securing your digital assets and even your identity.
Security vs convenience
The primary purpose of a password is to serve as a unique verification identifier for a given user. Ideally, a password should be both random and unique. When the letters or numbers in the password follow any pattern, the password becomes easier for a hacker to guess.
For example, someone may put a string of numbers like "123456" or their birth year like "1998" in their password. This may make the passwords easier to remember, but consequently also easier to break.
"Easy to remember, simple to hack passwords are leaving online users and corporate networks increasingly vulnerable to attack," according to Stephen Lee, CEO of US-based IT services firm ArkiTechs Inc, and a founding member of the Caribbean Network Operators Group, CaribNOG. Lee's firm conducts security audits across the Caribbean and has found a startlingly high incidence of poor password practices on corporate networks.
"The issue of weak passwords is not unique to the Caribbean. It is an industry-wide challenge. Relying exclusively on passwords is a notoriously bad approach to securing access to digital services," Lee said.
The core problem is that there is always a trade-off between security and convenience. Users try to keep passwords simple, because that makes them easier to remember. But making them simple makes them less secure.
However, making a password more complex can also backfire because it becomes far more difficult to remember. This leads users to write passwords on post-it notes, share them with colleagues or store them in a document or spreadsheet.
The cost of weakness
With an increasing number of high-profile data heists and more cybersecurity information entering the public domain, the risks and pitfalls of using weak passwords are becoming clearer.
Hopefully, that clarity will lead more people to take steps to protect themselves by using stronger passwords and using different passwords for online services. But the stakes are simply too high to wait on hope.
One of the major factors in cybercrime and identity theft is the ability to use a single stolen password to access multiple accounts that store or transmit them, according to Javelin Strategy & Research's 2014 Identity Fraud Report: Card Data Breaches and Inadequate Consumer Password Habits Fuel Disturbing Fraud Trends.
This makes weak-password-enabled security breaches very costly for individuals and organisations. When estimating damages, organisations must factor in the costs of outsourcing support, forensic investigations, notifying customers, in-house investigations and communication with affected customers. Gartner estimates global losses from cybercrime total nearly US$400 billion annually.
Strengthening authentication
With cybercrime and identity theft on the rise and password theft the main cause, consumers and businesses alike should focus on strengthening their authentication security to avoid becoming a statistic.
For this reason many companies are moving to fingerprint or other biometric authentication methods in an attempt to make it easier for users to sign in and to make systems more secure as well. But it's going to be a while before we can eliminate passwords altogether.
What can password-dependent users and network administrators do in the meanwhile? The security experts at CaribNOG recommend the following measures:
1. Use strong passwords: Conventional wisdom holds that a password containing uppercase letters, lowercase letters, digits, and punctuation is hard to crack. It turns out that's not entirely true. Hackers will crack @v67dS1&X^r3 before they crack ANRRAttackWithFullForce or WeCanMakeITifWeTryJustALittleHarder.
The longer your password or passphrase, the harder it is for hackers to crack it. Type in a favourite quote or sentence, omitting spaces, and you've got a decent passphrase.
2. Don't be obvious: When you go to add numbers, don't use your birthdate, house number, license plate, phone number, or anything someone could easily associate with you. Use a phrase or sentence that has personal meaning and you'll wind up with a password that's both memorable and unguessable.
3. Do NOT reuse passwords: Complex passwords can be hard to remember. That's why most users opt for convenience over security. But creating a weak password and then using it across multiple services is just asking for trouble. If your credentials are compromised on one site, you are exposed on all the other services that share those credentials.
A Trustwave analysis of a password list (with millions of entries) retrieved from hackers found that 30 per cent of users who had multiple social media accounts had reused their passwords. Each of these accounts would be vulnerable to a password reuse attack.
The best way to mitigate the risks of having any one of your online accounts compromised is to maintain different login credentials for each one.
4. Use password managers: Once you make the right choice to have a different password for every account, you'll need a password manager to help you keep track of things.
Password managers are software tools that act as digital lockers for your credentials. They not only act as a secure repository for your passwords, they also make managing and generating strong, unique passwords for your accounts a breeze.
The best come with the option to sync across multiple devices. Some log in to sites for you, others audit your passwords to make sure you're not using the same one in too many places. Popular password managers include pay-for options such as Dashlane, 1Password and LastPass; as well as freeware products like KeePass, LastPass and PasswordBox Premium.
5. Use multi-factor authentication: Multi-factor authentication requires you to use a code generated on, or sent to, another device, like a smartphone, in addition to your password.
Two-factor authentication is already used by a large number of financial institutions, particularly in Europe. Google and Facebook have also enabled two-factor authentication. It shouldn't be long until this becomes commonplace for online services that store your data.
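
The checks behind recommendations 1 to 3, written out as an added example (not part of the column): a brute-force size estimate that favours length, a scan for digit runs and years, and a reuse check of the kind a password manager audit performs. The function names, the 64-bit threshold, the alphabet sizes and the sample vault are assumptions made for illustration.

```python
import math
import re
from collections import defaultdict

# Alphabet sizes per character class (printable ASCII; 32 punctuation symbols).
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 32)]
MIN_BITS = 64  # assumed policy threshold, not a figure from the article

def brute_force_bits(password):
    """Upper bound on brute-force work: length * log2(alphabet in use).
    Dictionary attacks on word-based passphrases need less than this."""
    alphabet = sum(n for pattern, n in CLASSES if re.search(pattern, password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def obvious_patterns(password):
    """Flag digit runs such as 123456 and four-digit years such as 1998."""
    found = []
    for run in re.findall(r"\d{4,}", password):
        if run in "01234567890" or run in "09876543210" or len(set(run)) == 1:
            found.append(f"digit sequence {run}")
        elif len(run) == 4 and 1900 <= int(run) <= 2099:
            found.append(f"possible year {run}")
    return found

def reused(vault):
    """Return groups of accounts that share one password."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)

def audit(vault):
    """Map each account to the list of problems found with its password."""
    shared = {account for group in reused(vault) for account in group}
    report = {}
    for account, password in vault.items():
        issues = obvious_patterns(password)
        if brute_force_bits(password) < MIN_BITS:
            issues.append(f"under {MIN_BITS} bits of brute-force work")
        if account in shared:
            issues.append("reused")
        report[account] = issues
    return report

# Constructed sample vault (account -> password); the first entry is a
# passphrase quoted in the article, the rest are made up for illustration.
SAMPLE = {"bank": "WeCanMakeITifWeTryJustALittleHarder", "email": "Summer1998",
          "forum": "Summer1998", "shop": "abc123456"}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, issues or "ok")
```
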
Bevil Wooding is the chief knowledge officer at Congress WBN (C-WBN), an international non-profit organisation, and executive director at BrightPath Foundation, responsible for C-WBN's technology education and outreach initiatives. Follow on Twitter: @bevilwooding
BG18 COMMENTARY
BUSINESS GUARDIAN www.guardian.co.tt MARCH 2015 • WEEK THREE
Technology Matters
Bevil Wooding
Time to strengthen your password
Weak passwords exposing individuals and businesses to risk
2014 Top 10 Worst Passwords
SplashData annual list contains the 25 most common passwords found on the Internet, thus making them the "worst passwords" that can expose any user to being hacked or having their identities stolen. The list demonstrates the importance of keeping names and simple numeric patterns out of your passwords.